Security integrity and assurance have become increasingly important as Internet and world-wide-web usage has become more prevalent and the capabilities of these media have grown. The significance of security integrity and assurance has also increased because businesses, government departments, medical organisations and individuals have become somewhat reliant on computer networks and on the security of proprietary information transmitted across these networks being of an acceptable level. In an information-driven society it is essential that security systems designed to prevent unauthorised access to information and restricted areas can be relied upon. This challenge is complicated by recent growth in computer and security fraud and code-breaking capacity.
Data transferred across the Internet and other publicly accessible communication networks can be intercepted. It is possible for an unauthorised snoop to intercept data for which they are not the intended recipient. Whilst intercepted data of this kind may be encrypted, it is possible for the data to be analysed if adequate computer power and sufficiently sophisticated code-breaking software are used. Such unauthorised access to data enables snoops to create mischief. However, in many cases, unauthorised access will have more serious consequences.
Fortunately, as computer and identity fraud becomes more sophisticated, so too do security methods and devices which are implemented to combat this fraud. Data encryption is now commonplace and the length of encryption codes is growing in step with processing power available to decipher them. It is now relatively common to use encryption keys having 1024 bits or more. Other security standards such as those deployed by CISCO “roll” encryption codes. That is, data encryption codes are changed dynamically as the data is transferred. This adds a further layer of complexity to the encryption method, thereby reducing the likelihood of an unauthorised security breach occurring.
Recently, biometric data has been recognised as suitable for verifying the identity of a person requiring access to a restricted area, restricted information, a network intended for restricted use or other such facilities. U.S. Pat. No. 6,016,476 (Maes, et al.) presents a system operating on a PDA in which both voice recognition biometric data and a current certified digital certificate must be present and verified before allowing a transaction to be completed.
A disadvantage of this type of system is that voice biometric data validation is imprecise. Therefore, on some occasions, the system may inadvertently verify users who are not authorised users, enabling them to gain access to a restricted area. A further disadvantage is presented when an attempt at voice biometric data verification is made in a noisy environment. In noisy surrounds, the voice biometric data needed for verification is difficult, if not impossible, to detect, due to interference caused by ambient and environmental sounds.
European patent EP1263164A1 (Büttiker) presents a portable information and transaction processing system and method utilising biometric authorisation and digital certificate security. EP1263164A1 discloses registration of a public key infrastructure based on credentials which include biometric data. Such biometric data may include data from a subject's fingerprints which is used as input in the security authorisation method. A drawback of this method is that validation of a single biometric parameter suffers problems of reliability because a single biometric validation process can be “cracked” or “fooled” with relative ease. U.S. Pat. No. 6,310,966 B1 (Dulude et al.), which discloses a system in which biometric data is combined with digital certificates for electronic authentication as “biometric certificates”, suffers a similar drawback.
It is an object of the present invention to overcome or at least ameliorate one or more of the disadvantages described above.
The discussion of the background to the invention included herein including reference to documents, acts, materials, devices, articles and the like is intended to explain the context of the present invention. This is not to be taken as an admission or a suggestion that any of the material referred to was published, known or part of the common general knowledge in the area as at the priority date of any of the claims.